ETSI releases first comprehensive global standard for securing smart phones
November 2021 by Marc Jacob
Today our smartphones and tablets are fundamental for citizens and hold a wide range of user data and apps. At the same time, security attacks have increased with malicious applications and network eavesdropping. To define security and assurance requirements for smart phones and tablets, mitigate potential risks and protect users, ETSI has released a world class standard called Consumer Mobile Device Protection Profile, ETSI TS 103 732. The specification identifies key security and privacy risks for user data and provides appropriate protection.
“Following the improvement in security achieved with ETSI EN 303 645 for consumer IoT devices, ETSI has been working on securing other consumer devices. ETSI TS 103 732 provides a complete solution to secure smart phones and tablets, minimizing privacy risks and maximizing user confidence that their smart devices protect their data" says Alex Leadbeater, ETSI Cybersecurity Chair.
The new ETSI standard specifies security requirements for consumer mobile devices. It ensures the protection of key user data such as photos, videos, user location, emails, SMS, calls, passwords for web services, and fitness related data. The ETSI specification has a broad coverage of security features including cryptographic support, user data protection, identification and authentication, security management, privacy protection, resistance to physical attack, secure boot, and trusted communication channels.
In addition, ETSI TS 103 732 defines the security assurance requirements based on Common Criteria and it is therefore also suitable for certification initiatives such as the European Cybersecurity Act. The standard was developed to support consumer mobile devices manufacturers to achieve security certification. It also offers a common methodology for evaluators to assess the security of consumer mobile devices.
ETSI TS 103 732 is the first of a series of ETSI EN 303 645 derivative standards on consumer cybersecurity that ETSI will be delivering within the next twelve to eighteen months.